skills/mukul975/anthropic-cybersecurity-skills/building-threat-intelligence-feed-integration/Gen Agent Trust Hub
building-threat-intelligence-feed-integration
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Downloads indicator data from well-known security services including CISA's TAXII server, Abuse.ch (URLhaus/Feodo Tracker), and AlienVault OTX feeds. These are recognized industry sources for threat intelligence.
- [CREDENTIALS_UNSAFE]: Disables SSL certificate verification (`verify=False`) in `scripts/agent.py` and the Splunk integration code in `SKILL.md`. This practice exposes the connection to Man-in-the-Middle (MitM) attacks, potentially compromising authentication tokens or indicator data.
- [COMMAND_EXECUTION]: The `scripts/agent.py` script accepts sensitive authentication credentials, such as the TAXII password, as a plain-text command-line argument (`--taxii-pass`). Secrets passed this way may be visible in system process logs or history.
- [DATA_EXFILTRATION]: Collects and transmits security indicators to configured SIEM and MISP endpoints. While this is the intended functionality, users should ensure target URLs are correctly configured to prevent data from being sent to unauthorized destinations.